Repairing security holes in cryptocurrencies often takes a long time, researchers find

by · May 8, 2023

Repairing security holes in cryptocurrencies often takes a long time, researchers find

This article has been reviewed according to Science X’s editorial process and guidelines. Editors have highlighted the following characteristics while ensuring the credibility of the content:

fact-checked

preprint

reliable source

proofread

The source code for many applications, including for the cryptocurrency Bitcoin, is freely available on the internet – you can easily copy it and start your own cryptocurrency. Credit: Michael Schwettmann

A defining characteristic of cryptocurrencies is that they are organized in a decentralized system and are not managed by a central bank like conventional currencies. This creates problems when researchers discover security vulnerabilities in the systems of virtual currencies. Sometimes it is unclear who operates a system, whether a system is affected by a certain vulnerability or whether a bug has been fixed.

Researchers working with Professor Ghassan Karame, who is a member of the Cluster of Excellence CASA—Cybersecurity in the Age of Large-Scale Adversaries at Ruhr University Bochum, Germany, have investigated how long it takes for proven security vulnerabilities in various cryptocurrencies to be patched. . The Ruhr University’s science magazine Rubin reports on their findings, and a preprint version is available at arXiv.

44 serious security vulnerabilities tested

The source code of Bitcoin, probably the most famous cryptocurrency, is openly available on the internet. Anyone can copy it and launch their own cryptocurrency. This is how a number of Bitcoin variants have been created, which are widely known under the umbrella term altcoins.

Security vulnerabilities found in the Bitcoin code usually affect the altcoin code as well. Together with his colleagues, Ghassan Karame investigated how various cryptocurrencies have responded to 44 of the most serious network security vulnerabilities that have been documented in recent years.

This included a vulnerability that Karame and his collaborators had disclosed in 2015. “Back then, we showed that if we had control over as few as tens of laptops in the system, we could shut down the flow of information in the entire Bitcoin system,” says Karame.

See also  Bitcoin could reach $500,000 in the next decade, says MicroStrategy's Michael Saylor

Many cryptocurrencies take months or even years to patch vulnerabilities

Using a tool developed specifically for this purpose, the researchers calculated the time it took for various cryptocurrencies to close the security gap described above. “In a nutshell: the results were a shock,” says Ghassan Karame.

While Bitcoin fixed the vulnerability in just seven days, for example Litecoin took 114 days, Dogecoin 185 days and Digibyte almost three years. “Three years where you could have crashed the entire system of the respective cryptocurrency with as few as tens of laptops,” says Karame.

The same pattern kept showing up again and again in the analyzes of other security holes: for many altcoins, the number of days it took to fix the bugs was in the three or even four-digit range.

More information:
Sebastien Andreina et al., Estimating Patch Propagation Times across (Blockchain) Forks, arXiv (2022). DOI: 10.48550/arxiv.2205.07478

Journal information:
arXiv

Related posts:

  1. Bitcoinist Book Club: “The Bitcoin Standard” (Ch. 9, Part 2, Instant Settlement)
  2. How many bitcoin miners will survive the winter?
  3. Learning About Bitcoin Is Financial Freedom – Bitcoin Magazine
  4. New Bitcoin Price Prediction of $250k

Tags:

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

Headline Posts